Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Fuchs on 01/06/2014 at 10:18:33,76.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Fuchs\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-28-212549.log 34301 bytes

==== System Restore Info ======================

01/06/2014 10:20:00 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[-HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-

==== Deleting Files \ Folders ======================

C:\Users\Fuchs\AppData\Local\Temp\baidu_secure not found
C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted

==== Folders Found ======================

2014-05-26 21:26:29 2014-05-26 21:26:29 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-06-01 13:20:35 2014-06-01 13:20:35 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-06-01 13:20:35 2014-05-17 05:15:12 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-06-01 13:20:35 2014-05-24 05:13:53 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-06-01 13:20:35 2014-05-17 05:11:44 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-01 13:20:35 2014-05-24 05:13:53 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-06-01 13:20:35 2014-05-17 05:11:44 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-06-01 13:20:35 2014-05-17 05:15:12 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus

==== Files Found ======================

--- C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\Safari_baidu_script.js ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1556
Created time: 2014-05-24 13:54:22
Modified time: 2013-04-22 14:30:56
MD5: 670B367C3485AB4FA0046B9D1DDFF1B7
SHA1: DD0C159627F22F3BF83A8632A357EE62DE132EEC

==== Registry Search Results for "Baidu" ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3139110459-3178550984-1968033295-1001\Software\Baidu Security\Antivirus\web]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=26 14111182 bytes)

==== EOF on 01/06/2014 at 10:22:36,06 ======================